U.S. patent application number 10/454531 was filed with the patent office on 2004-01-15 for authentication system and key registration apparatus.
Invention is credited to Futa, Yuichi, Kitatora, Hirohito, Matsuzaki, Natsume, Ohmori, Motoji, Tatebayashi, Makoto, Yokota, Kaoru.
Application Number | 20040010688 10/454531 |
Family ID | 29561752 |
Filed Date | 2004-01-15 |
United States Patent Application | 20040010688 |
Kind Code | A1 |
Matsuzaki, Natsume ; et al. | January 15, 2004 |
Authentication system and key registration apparatus
Abstract
In an authentication system, a key registration apparatus
receives input of an identifier unique to a second device,
generates first key data from the identifier according to a
predetermined key generation algorithm, and transmits the generated
first key data to a first device, which receives and stores the
first key data, and authenticates the second device with use of the
first key data. The second device stores in advance second key data
generated from the identifier according to the predetermined key
generation algorithm, and is authenticated by the first device with
use of the second key data. Accordingly, the first and second
devices cannot be registered without using the key registration
apparatus, thereby preventing communication with unregistered
devices. This enables usage of content to be limited to individual
usage in the home of a user, and can be realized even with devices
that are not connected outside the home.
Inventors: | Matsuzaki, Natsume (Mino, JP); Tatebayashi, Makoto (Takarazuka, JP); Yokota, Kaoru (Ashiya, JP); Futa, Yuichi (Osaka, JP); Ohmori, Motoji (Hirakata, JP); Kitatora, Hirohito (Osaka, JP) |
Correspondence Address: | WENDEROTH, LIND & PONACK, L.L.P., 2033 K STREET N. W., SUITE 800, WASHINGTON, DC 20006-1021, US |
Family ID: | 29561752 |
Appl. No.: | 10/454531 |
Filed: | June 5, 2003 |
Current U.S. Class: | 713/169 |
Current CPC Class: | H04L 63/0853 20130101; H04L 63/062 20130101; H04L 63/0876 20130101; H04L 9/0897 20130101; H04L 9/3273 20130101; H04L 12/2803 20130101; H04L 9/0822 20130101; H04L 9/321 20130101; H04L 2209/60 20130101; H04L 9/0891 20130101; H04L 9/0866 20130101; G06Q 20/388 20130101 |
Class at Publication: | 713/169 |
International Class: | H04L 009/00 |
Foreign Application Data
Date | Code | Application Number |
Jun 11, 2002 | JP | 2002-170251 |
Claims
What is claimed is:
1. An authentication system comprising a first device and a second
device that perform authentication, and a key registration
apparatus, wherein the key registration apparatus receives input of
an identifier unique to the second device, generates first key data
from the identifier according to a predetermined key generation
algorithm, and transmits the generated first key data to the first
device, the first device receives the first key data, stores the
received first key data, and authenticates the second device with
use of the first key data, and the second device stores in advance
second key data generated from the identifier according to the
predetermined key generation algorithm, and is authenticated by the
first device with use of the second key data.
2. An authentication system comprising a first device and a second
device that perform authentication, and a key registration
apparatus, wherein the key registration apparatus receives input of
a second device identifier unique to the second device, generates
first key data from the second device identifier according to a key
generation algorithm, and transmits the generated first key data to
the first device, the first device receives the first key data,
stores the received first key data, and authenticates the second
device with use of the first key data, and the second device stores
a plurality of pieces of key data in advance, each piece of key
data having been generated from the second device identifier
according to a different key generation algorithm, selects one of
the plurality of pieces of key data as second key data, the
selected piece of key data having been generated according to the
key generation algorithm, and is authenticated by the first device
with use of the second key data.
3. The authentication system of claim 2, wherein the first device
further receives key revocation data that shows that the key
registration apparatus is revoked and that has been generated by a
management organization that manages revocation of key registration
apparatuses, and revokes the first key data received from the
revoked key registration apparatus, and the second device receives
the key revocation data, and revokes the second key data.
4. The authentication system of claim 3, further comprising: a key
re-registration apparatus that receives input of the second device
identifier, generates third key data from the second device
identifier according to another key generation algorithm that is
different to the key generation algorithm of the key registration
apparatus, and transmits the generated third key data and the
second device identifier to the first device, wherein the first
device further receives the third key data and the second device
identifier, stores the third key data and the second device
identifier in correspondence, and authenticates the second device
with use of the third key data, and the second device is further
authenticated by the first device with use of fourth key data, the
fourth key data having been selected from the plurality of pieces
of key data and having been generated according to the same key
generation algorithm as the third key data.
5. The authentication system of claim 3, wherein the key revocation
data further includes a unique identifier of the revoked key
registration apparatus, and the first device further stores the
unique identifier as a revoked identifier, receives a key
registration apparatus identifier that is unique to the key
registration apparatus from the key registration apparatus together
with the first key data, judges whether the received key
registration apparatus identifier matches the stored revoked
identifier, and when the received key registration apparatus
identifier is judged to match the stored revoked identifier,
refuses reception of the first data from the key registration
apparatus.
6. The authentication system of claim 5, wherein the key revocation
data further includes signature data that has been generated by the
management organization by applying a signature of the management
organization to the key revocation data, and the first device
verifies the signature data, and when the verification is
successful, stores the key registration apparatus identifier as the
revoked identifier.
7. A key registration apparatus that sets first key data in a first
device, the first key data being identical to second key data that
is held by a second device and that is for performing
authentication with the first device, the key registration
apparatus comprising: an input unit operable to receive an input of
a second device identifier that is unique to the second device; a
key data generation unit that has a key generation algorithm, and
is operable to generate the first key data from the second device
identifier according to the key generation algorithm; and an output
unit operable to output the generated first key data to the first
device.
8. The key registration apparatus of claim 7, wherein the output
unit encrypts the first key data, and outputs the encrypted first
key data to the first device, and the first device receives the
encrypted first key data, and decrypts the received encrypted first
key data.
9. The key registration apparatus of claim 7, wherein the output
unit transmits the first key data to the first device via a network
and the first device receives the first key data via the
network.
10. The key registration apparatus of claim 7, further comprising:
an authentication unit operable to authenticate the first device,
wherein the key data generation unit generates the first key data
when authentication by the authentication unit is successful.
11. The key registration apparatus of claim 7, wherein the key data
generation unit stores a function for generating the first key data
from the second device identifier, reads the function, and assigns
the second device identifier to the read function to generate the
first key data.
12. The key registration apparatus of claim 7, being an IC card,
and being connectable to one of a mobile telephone and a mobile
information terminal, wherein the output unit outputs to the first
device via the one of the mobile telephone and the mobile
information terminal.
13. A program used in a key registration apparatus that sets first
key data in a first device, the first key data being identical to
second key data that is held by a second device and that is for
performing authentication with the first device, the program
comprising: an input step of receiving an input of a second device
identifier that is unique to the second device; a key data
generation step of generating the first key data from the second
device identifier according to a key generation algorithm held by
the key registration apparatus; and an output step of outputting
the generated first key data to the first device.
14. A method used in a key registration apparatus that sets first
key data in a first device, the first key data being identical to
second key data that is held by a second device and that is for
performing authentication with the first device, the method
comprising: an input step of receiving an input of a second device
identifier that is unique to the second device; a key data
generation step of generating the first key data from the second
device identifier according to a key generation algorithm held by
the key registration apparatus; and an output step of outputting
the generated first key data to the first device.
15. A computer-readable recording medium having stored thereon a
program used in a key registration apparatus that sets first key
data in a first device, the first key data being identical to
second key data that is held by a second device and that is for
performing authentication with the first device, the program
comprising: an input step of receiving an input of a second device
identifier that is unique to the second device; a key data
generation step of generating the first key data from the second
device identifier according to a key generation algorithm held by
the key registration apparatus; and an output step of outputting
the generated first key data to the first device.
Description
[0001] This application is based on an application No. 2002-170251
filed in Japan, the content of which is hereby incorporated by
reference.
BACKGROUND OF THE INVENTION
[0002] (1) Field of the Invention
[0003] The present invention relates to a system in which
encryption authentication communication is performed between a
plurality of devices.
[0004] (2) Description of the Related Art
[0005] Content distribution services that distribute various music
and movies using packaged media, the Internet or broadcasting have
become prevalent in recent years. Such services require content
protection techniques that reflect the wishes of the protector of
copyright of the content. The protector may wish, for example, to
charge for the content distribution service, and to limit the
content to individual usage in homes of users who have a content
distribution contract. Alternatively, the protector may wish to
prohibit transmission of the content over the Internet, since the
Internet can be accessed by numerous unspecified users.
[0006] DTCP (Digital Transmission Content Protection) is one system
that offers a content protection technique for realizing the wishes
of the content copyright protector. In DTCP, digital content is
distributed via a bus specified by IEEE1394, which is one
specification for a high-speed serial bus. DTCP is described in
detail in Document 1.
[0007] In DTCP, encryption authentication communication is
performed between mutually connected devices that comply with DTCP
specifications, under the management of a manager called a DTLA
(Digital Transmission Licensing Administrator, LLC). The encryption
authentication works as follows.
[0008] (1) A transmission apparatus and a reception apparatus both
have an individual secret key distributed by the DTLA based on a
contract with the DTLA. Note that devices to which the secret key
is distributed use a prescribed secret key management
implementation method. Furthermore, transmission of content over
the Internet is prohibited by the DTCP contract.
[0009] (2) The transmission apparatus and the reception apparatus
perform mutual authentication using the secret key. Furthermore,
the transmission apparatus encrypts content that requires
protection, using a key that has been shared in authentication, and
transmits the encrypted content to the reception apparatus.
[0010] (3) The transmission apparatus gives each of a maximum of 63
reception devices a key for decrypting the content. Individual
usage of content can be easily realized by AVC command restrictions
and device number restrictions specified by IEEE1394.
[0011] The following describes an outline of an authentication
system that uses Kerberos. Note that Kerberos is described in
detail in Document 2.
[0012] In Kerberos, legal devices are registered in advance in a
Kerberos server. As one example, in order to use content, a device
first accesses the Kerberos server, receives a first authentication
from the Kerberos server based on registered information, and
obtains a ticket (initial ticket) that is valid for that day from
the Kerberos server. Next, the device accesses a server that
provides a service, presents the initial ticket received from the
Kerberos server, receives a second authentication from the server,
and then uses the content.
[0013] In this way, in Kerberos, a registered device is able to use
any service freely within the determined validity period by being
authenticated twice.
[0014] However, neither of the above-described methods enables
differentiation between home devices and external devices, and
therefore neither enables limitation of individual usage inside the
home of a user who has a content distribution contract.
[0015] <Document 1>
[0016] 5C Digital Transmission Content Protection White Paper,
Revision 1.0, Jul. 14, 1998
[0017] <Document 2>
[0018] Tung, Brian KERBEROS Network Ninsho System (KERBEROS: A
Network Authentication System), trans. Kuwamura, Jun, Pearson
Publishing, 1999
SUMMARY OF THE INVENTION
[0019] In view of the described problems, the object of the present
invention is to provide an authentication system and a key
registration apparatus that enable a device in the home of a user
to be easily set in order to limit usage of content to individual
usage in the home.
[0020] In order to achieve the stated object, the present invention
is an authentication system including a first device and a second
device that perform authentication, and a key registration
apparatus, wherein the key registration apparatus receives input of
an identifier unique to the second device, generates first key data
from the identifier according to a predetermined key generation
algorithm, and transmits the generated first key data to the first
device, the first device receives the first key data, stores the
received first key data, and authenticates the second device with
use of the first key data, and the second device stores in advance
second key data generated from the identifier according to the
predetermined key generation algorithm, and is authenticated by the
first device with use of the second key data.
[0021] According to the stated structure, the second device cannot
be registered to the first device without using the key
registration apparatus, thereby preventing communication with
unregistered devices. This enables usage of content to be limited
to individual usage in the home of a user. Furthermore, by using
the key registration apparatus, the first key data can be easily
set in the first device.
BRIEF DESCRIPTION OF THE DRAWINGS
[0022] These and other objects, advantages and features of the
invention will become apparent from the following description
thereof taken in conjunction with the accompanying drawings which
illustrate a specific embodiment of the invention.
[0023] In the drawings:
[0024] FIG. 1 is a block diagram showing the overall structure of
an authentication system 1100;
[0025] FIG. 2 is a block diagram showing the structure of a
special-purpose terminal 100 and a home server 300;
[0026] FIG. 3 is a block diagram showing the structure of the home
server 300 and a TV 400;
[0027] FIG. 4 is a flowchart showing operations by a control unit
101;
[0028] FIG. 5 is a flowchart showing operations when a control unit
301 registers a key;
[0029] FIG. 6 is a flowchart showing operations when the control
unit 301 distributes content to the TV 400;
[0030] FIG. 7 is a flowchart showing operations in mutual
authentication between an authentication unit 307 and an
authentication unit 402;
[0031] FIG. 8 is a block diagram showing the overall structure of
an authentication system 1200;
[0032] FIG. 9 is a block diagram showing the internal structure of
a storage unit 325;
[0033] FIG. 10 is a block diagram showing the internal structure of
a storage area 330 when an authentication key Key14 is stored;
[0034] FIG. 11 is a block diagram showing the internal structure of
the storage area 330 when the special-purpose terminal 120 is
revoked;
[0035] FIG. 12 is a block diagram showing the internal structure of
the storage area 330 when a special-purpose terminal 140 is
re-registered;
[0036] FIG. 13 is a flowchart showing operations by a control unit
321;
[0037] FIG. 14 is a block diagram showing the overall structure of
an authentication system 1300;
[0038] FIG. 15 is a block diagram of the special-purpose terminal
120;
[0039] FIG. 16 is a block diagram of the special-purpose terminal
140;
[0040] FIG. 17 is a block diagram of a home server 320;
[0041] FIG. 18 is a block diagram of a TV 420; and
[0042] FIG. 19 is a block diagram of a TV 520.
DESCRIPTION OF THE PREFERRED EMBODIMENT
[0043] The following describes details of embodiments of the
present invention with use of the drawings.
[0044] 1. First embodiment
[0045] 1.1 Structure of Authentication System 1100
[0046] As shown in FIG. 1, the authentication system 1100 is
composed of a special-purpose terminal (hereinafter referred to
simply as a "terminal") 100, a home system 200, and a content
distribution apparatus 800. The home system 200 is composed of a
home server 300, a TV 400, a TV 500, and a router 600.
[0047] A management organization 900 that provides content to users
for a fee has the terminal 100 and the content distribution
apparatus 800. The content distribution apparatus 800 provides
content by recording the content on recording media. Note that when
the home system 200 and the content distribution apparatus 800 are
connected via a network, content may be distributed via the
network.
[0048] The user has the home system 200 in his/her home.
[0049] A service technician takes the terminal 100 to the user's
home after being instructed to visit the home by the management
organization 900, and connects the terminal 100 to the home server
300 via a special-purpose interface. Note that the terminal 100 may
instead be connected to the home server 300 via a general-purpose
interface such as a USB.
[0050] The terminal 100 receives, as input from outside, a device
identifier ID4 that is an ID unique to the TV 400, generates an
authentication key Key14 from the device identifier ID4, and
transmits the generated authentication key Key14 and the device
identifier ID4 to the home server 300. The home server 300 stores
the authentication key Key14 and the device identifier ID4 in
correspondence.
[0051] The TV 400 stores the authentication key Key14 in advance.
When the user has the TV 400 play back the content, the home server
300 authenticates the TV 400 using the authentication key Key14,
and transmits the content to the TV 400 when the authentication is
successful. The TV 400 receives and then plays back the
content.
[0052] In this way, the user is able to enjoy the content.
[0053] The following describes the various compositional elements
of the authentication system 1100 in detail.
[0054] 1.1.1 Terminal 100
[0055] The terminal 100 is an apparatus for registering the device
identifier ID4 and the authentication key Key14 of the TV 400 in
the home server 300. The terminal 100 is held by the service
technician who has received the instruction from the management
organization 900. The service technician confirms that the TV 400
is in the home, and subsequently uses the terminal 100 to set the
TV 400 to be able to use content with a device that has a
pre-determined content protection function.
[0056] As shown in FIG. 2, the terminal 100 is composed of a
control unit 101, an input unit 102, a verification unit 103, a
storage unit 104, an encryption unit 105, a key generation unit
106, a transmission/reception unit 107, and an authentication unit
108.
[0057] The following describes each structural component in
detail.
[0058] (1) Storage Unit 104
[0059] The storage unit 104 stores a service technician identifier
ID_S1, a password S1 and a function F. Furthermore, the storage
unit 104 stores an encryption key F1 for encrypting the device
identifier ID4 with use of the function F.
[0060] Here, the function F is, for example, a DES encryption
algorithm. Since DES is commonly known, a description is omitted
here.
[0061] The service technician identifier ID_S1 is an ID that is
unique to the service technician who uses the terminal 100. The
password S1 is for using the terminal 100, and is known only by the
service technician.
[0062] The service technician identifier ID_S1 and the password S1
limit the party who is able to use the terminal 100 to the service
technician.
[0063] (2) Input Unit 102
[0064] The input unit 102 receives inputs of the service technician
identifier ID_S1, the password S1, and the device identifier ID4,
according to operations by the service technician, and outputs the
received data to the control unit 101.
[0065] (3) Verification Unit 103
[0066] The verification unit 103 verifies in the following way
whether the service technician has permission to use the terminal
100.
[0067] The verification unit 103 receives the service technician
identifier ID_S1 and the password S1 from the control unit 101, and
reads the ID and the password stored in the storage unit 104. The
verification unit 103 verifies whether the received service
technician identifier ID_S1 and password S1 match the read ID and
password, and outputs a verification result to the control unit
101.
[0068] (4) Authentication Unit 108
[0069] The authentication unit 108 performs mutual authentication
with the home server 300. As one example, mutual authentication is
performed according to the challenge-response method using common
information. Since the challenge-response method is well known, a
description thereof is omitted here.
[0070] The authentication unit 108 outputs an authentication result
to the control unit 101.
[0071] (5) Key Generation Unit 106
[0072] The key generation unit 106 receives the device identifier
ID4 from the control unit 101, reads the function F from the
storage unit 104, and generates the authentication key Key14 from
the device identifier ID4 using the read function F.
[0073] Here, the authentication key Key14 is expressed as
authentication key Key14=F (F1, ID4). F(A,B) represents encrypting
B using an encryption key A.
[0074] The key generation unit 106 outputs the generated
authentication key Key14 to the control unit 101.
[0075] (6) Encryption Unit 105
[0076] The encryption unit 105 has an encryption key E1.
[0077] The encryption unit 105 receives the device identifier ID4
and the authentication key Key14 from the control unit 101, and
encrypts the received device identifier ID4 and authentication key
Key14 based on the encryption algorithm E, to generate an encrypted
device identifier ID4 and an encrypted authentication key Key14.
Here, the encrypted device identifier ID4 is expressed as encrypted
device identifier ID4=E (E1, ID4). Furthermore, the encrypted
authentication key Key14 is expressed as encrypted authentication
key Key14=E (E1, Key14). E(A,B) represents encrypting B using an
encryption key A.
[0078] As one example, the encryption algorithm E is an RSA
encryption algorithm. Since RSA is well known, a description
thereof is omitted here.
[0079] The encryption unit 105 outputs the encrypted device
identifier ID4 and the encrypted authentication key Key14 to the
control unit 101.
[0080] (7) Transmission/Reception Unit 107
[0081] The transmission/reception unit 107 transmits and receives
data to and from the home server 300. The transmission/reception
unit 107 receives the encrypted device identifier ID4 and the
encrypted authentication key Key14 from the control unit 101, and
transmits the received encrypted device identifier ID4 and
encrypted authentication key Key14 to the home server 300.
[0082] (8) Control Unit 101
[0083] The control unit 101 receives the service technician
identifier ID_S1 and the password S1 from the input unit 102, and
has the verification unit 103 verify the received service
technician identifier ID_S1 and password S1. The control unit 101
receives a verification result from the verification unit 103, and
judges whether the verification result is success or not. When the
verification result is not success, the control unit 101 ends the
processing, and when the verification result is success, the
control unit 101 continues processing.
[0084] The control unit 101 receives the device identifier ID4 from
the input unit 102, and has the authentication unit 108 perform
mutual authentication with the home server 300. The control unit
101 receives an authentication result from the authentication unit
108, and judges whether the authentication result is success or
not. When the authentication result is not success, the control
unit 101 ends the processing, and when the authentication result is
success, the control unit 101 outputs the device identifier ID4 to
the key generation unit 106, and has the key generation unit 106
generate a key. The control unit 101 receives the authentication
key Key14 from the key generation unit 106, and outputs the
received authentication key Key14 and device identifier ID4 to the
encryption unit 105.
[0085] The control unit 101 transmits the encrypted device
identifier ID4 and the encrypted authentication key Key14 received
from the encryption unit 105 to the home server 300 via the
transmission/reception unit 107.
[0086] 1.1.2 Home Server 300
[0087] The home server 300 is a device that is authorized by the
management organization, and stores content. The home server 300
authenticates the TV 400 or the TV 500 using a key registered by
the terminal 100, and transmits the stored content to the
authenticated TV.
[0088] As shown in FIG. 2, the home server 300 is composed of a
control unit 301, an authentication unit 302, a
transmission/reception unit 303, a decryption unit 304, a storage
unit 305, a transmission/reception unit 306, an authentication unit
307, and an encryption unit 308.
[0089] The following describes each of the compositional
elements.
[0090] (1) Storage Unit 305
[0091] The storage unit 305 is composed of a storage area 309 and a
storage area 310. The storage area 310 cannot be observed or
modified from outside.
[0092] The storage area 309 stores content.
[0093] The storage area 310 stores the registered TV 500 device
identifier ID5 and authentication key Key15 in correspondence.
Furthermore, the storage area 310 also has an area for storing the
TV 400 device identifier ID4 and authentication key Key14 that are
received from the terminal 100.
[0094] (2) Transmission/Reception Unit 303
[0095] The transmission/reception unit 303 is physically connected
to the terminal 100, and transmits and receives data to and from
the terminal 100.
[0096] (3) Authentication Unit 302
[0097] The authentication unit 302 performs mutual authentication
with the terminal 100. As one example, mutual authentication is
performed according to the challenge-response method using common
information. The authentication unit 302 outputs an authentication
result to the control unit 301.
[0098] (4) Decryption Unit 304
[0099] The decryption unit 304 decrypts the encrypted device
identifier ID4 and the encrypted key Key14 received from the
control unit 301, in accordance with a decryption algorithm D, to
generate a device identifier ID4 and an authentication key Key14.
Here, the decryption algorithm D performs the inverse process of
the encryption algorithm E.
[0100] The decryption unit 304 outputs the device identifier ID4
and the authentication key Key14 to the control unit 301.
[0101] (5) Transmission/Reception Unit 306
[0102] The transmission/reception unit 306 transmits and receives
data to and from the TV 400 and the TV 500 via the router 600.
[0103] (6) Authentication Unit 307
[0104] When distributing content to the TV 400, the authentication
unit 307 authenticates the TV 400 using the device identifier ID4
and the authentication key Key14, and shares a session key with the
TV 400.
[0105] As one example, authentication and session key sharing are
performed as follows.
[0106] The authentication unit 307 generates a random number r1,
transmits the random number r1 to the TV 400, and subsequently
receives an encrypted r1r2 from the TV 400. The encrypted r1r2 has
been generated by the TV 400 by generating a random number r2,
concatenating the random numbers r1 and r2 to form r1r2, and
encrypting r1r2 using the authentication key Key14. The
authentication unit 307 decrypts the received encrypted r1r2, and
authenticates the TV 400 by deriving the original random number r1
from the decrypted r1r2.
[0107] Furthermore, the authentication unit 307 outputs the random
number r2 derived from the decrypted data r1r2 to the encryption
unit 308 as the session key.
[0108] When distributing content to the TV 500, the authentication
unit 307 shares a session key with the TV 500 in the same way.
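Added example, not part of the patent text: the key generation of [0072]-[0073] and the registration of [0050], followed by the challenge-response and session key sharing of [0106]-[0107], written in Python. HMAC-SHA256 stands in for both the function F and the cipher keyed by Key14 (the description names DES only as an example of F), an integrity tag is added to the response, and the byte sizes, the identifier ID9 and the sample F1 value are assumptions; the terminal-to-server mutual authentication and the encrypted transport of the key are left out.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16    # bytes of derived authentication key (assumed size)
RAND_LEN = 16   # bytes of r1 and of r2 (assumed size)
TAG_LEN = 32    # HMAC-SHA256 tag length

def derive_auth_key(f1: bytes, device_id: bytes) -> bytes:
    """Stand-in for Key14 = F(F1, ID4); HMAC-SHA256 replaces the DES example."""
    return hmac.new(f1, b"auth-key|" + device_id, hashlib.sha256).digest()[:KEY_LEN]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stdlib-only stand-in for the cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        msg = b"enc|" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append a tag (the tag is an addition; the page only encrypts)."""
    nonce = secrets.token_bytes(RAND_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac|" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if the blob is malformed or the tag fails."""
    if len(blob) < RAND_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:RAND_LEN], blob[RAND_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"mac|" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(key, nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

class TV:
    """Second device: holds its identifier and the key stored in advance."""
    def __init__(self, device_id: bytes, auth_key: bytes):
        self.device_id = device_id
        self._key = auth_key
        self.session_key = None

    def respond(self, r1: bytes) -> bytes:
        r2 = secrets.token_bytes(RAND_LEN)   # becomes the session key
        self.session_key = r2
        return seal(self._key, r1 + r2)      # encrypted r1r2

class HomeServer:
    """First device: keeps identifier -> key pairs written at registration."""
    def __init__(self):
        self._registry = {}

    def register(self, device_id: bytes, auth_key: bytes) -> None:
        self._registry[device_id] = auth_key

    def check_response(self, device_id: bytes, r1: bytes, blob: bytes):
        """Return session key r2 if blob proves knowledge of the key, else None."""
        key = self._registry.get(device_id)
        if key is None:
            return None                      # never registered by the terminal
        plain = unseal(key, blob)
        if plain is None or len(plain) != 2 * RAND_LEN:
            return None                      # wrong key or tampered response
        if not hmac.compare_digest(plain[:RAND_LEN], r1):
            return None                      # answer to a different challenge
        return plain[RAND_LEN:]

    def authenticate(self, tv: TV):
        r1 = secrets.token_bytes(RAND_LEN)   # fresh challenge per attempt
        return self.check_response(tv.device_id, r1, tv.respond(r1))

def demo() -> dict:
    f1 = bytes(range(16))                    # constructed sample value for F1
    server = HomeServer()
    tv400 = TV(b"ID4", derive_auth_key(f1, b"ID4"))       # key stored in advance
    tv_other = TV(b"ID9", derive_auth_key(f1, b"ID9"))    # hypothetical, unregistered
    tv_forged = TV(b"ID4", secrets.token_bytes(KEY_LEN))  # claims ID4, wrong key
    # Terminal step: derive the key from the identifier and set it in the server.
    server.register(b"ID4", derive_auth_key(f1, b"ID4"))
    captured = tv400.respond(secrets.token_bytes(RAND_LEN))  # reply to an old r1
    session = server.authenticate(tv400)
    return {
        "registered": session is not None and session == tv400.session_key,
        "unregistered": server.authenticate(tv_other),
        "forged": server.authenticate(tv_forged),
        "replayed": server.check_response(
            b"ID4", secrets.token_bytes(RAND_LEN), captured),
    }
```

Only the TV whose identifier was entered at the terminal yields a session key; the unregistered device, the device with a wrong key and the replayed response all return None.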
[0109] (7) Encryption Unit 308
[0110] The encryption unit 308 encrypts the content stored in the
storage area 309.
[0111] The encryption unit 308 encrypts the content to be
distributed to the TV 400 using the session key r2 derived by the
authentication unit 307 when authenticating the TV 400, to generate
encrypted content. The encryption unit 308 then outputs the
encrypted content to the control unit 301.
[0112] The encryption unit 308 also encrypts content to be
distributed to the TV 500 using a session key derived in the same
way.
[0113] (8) Control Unit 301
[0114] On the terminal 100 being connected, the control unit 301
has the authentication unit 302 perform mutual authentication with
the terminal 100. The control unit 301 receives an authentication
result from the authentication unit 302, and judges whether the
authentication result is success. When the authentication result is
not success, the control unit 301 ends processing, and when the
authentication result is success, the control unit 301 continues
the processing. The control unit 301 receives the encrypted device
identifier ID4 and the encrypted authentication key Key14 from the
terminal 100 via the transmission/reception unit 303, outputs the
received encrypted device identifier ID4 and encrypted
authentication key Key14 to the decryption unit 304, and has the
decryption unit 304 decrypt the encrypted device identifier ID4 and
the encrypted authentication key Key14.
[0115] The control unit 301 receives the decrypted device
identifier ID4 and the decrypted authentication key Key14 from the
decryption unit 304, and writes the received device identifier ID4
and authentication key Key14 in correspondence to the storage area
310.
[0116] When distributing content to the TV 400, the control unit
301 has the authentication unit 307 authenticate the TV 400. The
control unit 301 receives an authentication result from the
authentication unit 307, and judges whether the authentication
result is success or not. When the authentication result is not
success, the control unit 301 ends distribution of the content, and
when the result is success, the control unit 301 has the encryption
unit 308 encrypt the content. The control unit 301 receives the
encrypted content from the encryption unit 308, and distributes the
encrypted content to the TV 400 via the transmission/reception unit
306.
[0117] The control unit 301 processes in the same way when
distributing content to the TV 500.
[0118] 1.1.3 TVs 400 and 500
[0119] The TVs 400 and 500 are authorized in advance by the
management organization 900.
[0120] The TV 400 has the device identifier ID4, which is unique to
the TV 400 and set by the management organization 900, displayed in
a place that is visible from outside.
[0121] As shown in FIG. 3, the TV 400 is composed of a control unit
401, an authentication unit 402, a transmission/reception unit 403,
a decryption unit 407, a storage unit 404, a monitor 405, and a
speaker 406. The TV 500 has the same structure. Note that the home
server 300, the router 600 and the TV 400 are shown as being in a
row in FIG. 3 for the sake of simplicity.
[0122] The following describes each of the compositional
elements.
[0123] (1) Storage Unit 404
[0124] The storage unit 404 is a storage area that is unable to be
observed or modified from outside. The storage unit 404 stores the
device identifier ID4 that is unique to the TV 400, and the
authentication key Key14. The authentication key Key14 has been
generated from the device identifier ID4 using a secret function
F.
[0125] (2) Authentication Unit 402
[0126] The authentication unit 402 performs mutual authentication
with the home server 300.
[0127] The authentication unit 402 receives the random number r1
via the transmission/reception unit 403, and reads the
authentication key Key14 from the storage unit 404. The
authentication unit 402 then generates the random number r2,
concatenates the random numbers r1 and r2 to generate data r1r2,
and encrypts the generated data r1r2 using the read authentication
key Key14, to generate encrypted data r1r2. The authentication unit
402 transmits the encrypted data r1r2 to the home server 300 via
the transmission/reception unit 403.
[0128] The authentication unit 402 outputs the generated random
number r2 to the decryption unit 407 as the session key.
[0129] The authentication unit 402 outputs the authentication
result to the control unit 401.
[0130] (3) Decryption Unit 407
[0131] The decryption unit 407 receives the encrypted content via
the transmission/reception unit 403, and decrypts the received
encrypted content using the session key r2 generated by the
authentication unit 402. The decryption unit 407 then outputs the
decrypted content to the control unit 401.
[0132] (4) Monitor 405
[0133] The monitor 405 displays image data received from the
control unit 401.
[0134] (5) Speaker 406
[0135] The speaker 406 outputs audio data received from the control
unit 401.
[0136] (6) Transmission/Reception Unit 403
[0137] The transmission/reception unit 403 transmits and receives
data to and from the home server 300 via the router 600.
[0138] (7) Control Unit 401
[0139] The control unit 401 has the authentication unit 402 perform
mutual authentication with the home server 300 via the
transmission/reception unit 403. The control unit 401 receives an
authentication result from the authentication unit 402, judges
whether the authentication result is success or not, and ends
processing when the authentication result is not success.
[0140] The control unit 401 has the decryption unit 407 decrypt
encrypted content received from the home server 300 via the
transmission/reception unit 403. The control unit 401 receives
decrypted content from the decryption unit 407, and outputs the
decrypted content to the monitor 405 and the speaker 406.
[0141] 1.2 Operations by the Authentication System 1100
[0142] 1.2.1 Operations when Registering the TV 400 in the Home
Server 300 using the Terminal 100
[0143] The following describes operations when a service technician
who has the terminal 100 registers the TV 400 in the home server
300 of the home system 200. Note that the TV 500 is already
registered in the home server 300.
[0144] The service technician takes the terminal 100 to the user's
home. When usage of content is permitted with an individual usage
range, the service technician confirms that the TV 400 is in the
home, and performs registration processing.
[0145] Before registering the TV 400 in the home server 300, the
service technician inputs his/her service technician identifier
ID_S1 and the password S1. The control unit 101 of the terminal 100
receives input of the service technician identifier ID_S1 and the password S1
via the input unit 102, and has the verification unit 103 verify
the service technician identifier ID_S1 and the password S1. On
receiving a verification result from the verification unit 103, the
control unit 101 judges whether the verification result is success
or not. The registration processing ends when the verification
result is not success, and continues when the verification result
is success.
[0146] The terminal 100 is connected by the service technician to
the home server 300. When the input unit 102 receives an input of
the device identifier ID4 (step S1), the control unit 101 has the
authentication unit 108 perform mutual authentication with the home
server 300 (step S2). The control unit 101 receives an
authentication result from the authentication unit 108, and judges
whether the authentication result is success or not (step S3). When
the authentication result is not success (step S3, NO), the
processing ends. When the authentication result is success (step
S3, YES), the control unit 101 has the key generation unit 106
generate a key (step S4). The control unit 101 receives the
generated authentication key Key14 from the key generation unit
106, and has the encryption unit 105 encrypt the device identifier
ID4 and the authentication key Key14 (step S5). The control unit
101 then transmits the encrypted device identifier ID4 and the
encrypted authentication key Key14 to the home server 300 via the
transmission/reception unit 107 (step S6).
[0147] 1.2.2 Operations when the Home Server 300 Registers a
Key
[0148] The following describes with use of FIG. 5 operations when
the home server 300 writes information received from the terminal
100.
[0149] The control unit 301 of the home server 300 has the
authentication unit 302 perform mutual authentication with the
terminal 100 (step S11). On receiving an authentication result from
the authentication unit 302, the control unit 301 judges whether
the authentication result is success or not (step S12), and when
the authentication result is not success (step S12, NO), the
processing ends. When the authentication result is success (step
S12, YES), the control unit 301 waits for data to be transmitted
from the terminal 100.
[0150] The control unit 301 receives the encrypted device
identifier ID4 and the encrypted authentication key Key14 from the
terminal 100 via the transmission/reception unit 303 (step S13),
and has the decryption unit 304 decrypt the encrypted device
identifier ID4 and the encrypted authentication key Key14 (step
S14). The control unit 301 writes the decrypted device identifier
ID4 and authentication key Key14 in correspondence to the storage
area 310 (step S15).
[0151] 1.2.3 Operations when the Home Server 300 Distributes
Content to the TV 400
[0152] The following describes with use of FIG. 6 operations when
the home server 300 distributes content to the TV 400.
[0153] The control unit 301 of the home server 300 has the
authentication unit 307 authenticate the TV 400 (step S21).
[0154] The control unit 301 receives an authentication result from
the authentication unit 307, and judges whether the authentication
result is success or not (step S22). When the authentication result
is not success (step S22, NO), the processing ends. When the
authentication result is success (step S22, YES), the control unit
301 reads the content stored in the storage area 309 (step S23),
has the encryption unit 308 encrypt the read content using the
session key derived in authentication (step S24), and distributes
the encrypted content to the TV 400 via the transmission/reception
unit 306 (step S25).
[0155] 1.2.4 Operations when the Home Server Authenticates the TV
400
[0156] The following describes with use of FIG. 7 operations when
the home server 300 authenticates the TV 400 (step S21).
[0157] The authentication unit 307 of the home server 300 generates
a random number r1 (step S31), and transmits the generated random
number r1 to the TV 400 via the transmission/reception unit 306
(step S32).
[0158] The authentication unit 402 of the TV 400 receives the
random number r1 via the transmission/reception unit 403, generates
a random number r2 (step S33), concatenates the received r1 and the
generated r2 (step S34), and encrypts the concatenated r1r2 using
the authentication key Key14 (step S35). The authentication unit
402 transmits the encrypted r1r2 to the home server 300 via the
transmission/reception apparatus 403 (step S36).
[0159] The authentication unit 307 of the home server 300 decrypts
the received encrypted r1r2 using the authentication key Key14, and
derives r1r2 (step S37), and judges whether r1 was derived from the
decrypted data (step S38). When r1 is not derived (step S38, NO),
the authentication unit 307 outputs an authentication result
showing that authentication was not successful to the control unit
301 (step S40). When r1 is derived (step S38, YES), the
authentication unit 307 outputs r2 to the encryption unit 308 (step
S39), and outputs an authentication result showing that
authentication was successful to the control unit 301 (step
S40).
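The exchange of steps S31 to S40, together with the Key14 = F(ID4) derivation used at registration, as an added Python example that is not part of the application. The page does not specify F, the cipher or the size of the random numbers: HMAC-SHA256 stands in for F, a 4-round Feistel network built from HMAC-SHA256 stands in for the block cipher, 16-byte random numbers are assumed, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

N = 16  # bytes per random number; the page gives no size (assumption)

def F(secret: bytes, device_id: bytes) -> bytes:
    """Stand-in for the secret function F: Key = F(ID). HMAC-SHA256 is an assumption."""
    return hmac.new(secret, device_id, hashlib.sha256).digest()

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function, keyed and separated per round.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:N]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in block cipher (assumption): 4-round Feistel over one 2*N-byte block."""
    if len(block) != 2 * N:
        raise ValueError("block must be r1 || r2")
    left, right = block[:N], block[N:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decrypt(key: bytes, block: bytes) -> bytes:
    if len(block) != 2 * N:
        raise ValueError("block must be 2*N bytes")
    left, right = block[:N], block[N:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

class TV:
    def __init__(self, device_id: bytes, key: bytes):
        self.device_id, self.key = device_id, key    # storage unit 404
        self.session_key = None

    def respond(self, r1: bytes) -> bytes:
        r2 = secrets.token_bytes(N)                  # S33
        self.session_key = r2                        # handed to decryption unit 407
        return encrypt(self.key, r1 + r2)            # S34-S35; the result is sent (S36)

class HomeServer:
    def __init__(self):
        self.keys = {}       # storage area 310: device ID -> authentication key
        self.pending = {}    # outstanding r1 per device

    def register(self, device_id: bytes, key: bytes) -> None:
        self.keys[device_id] = key

    def challenge(self, device_id: bytes) -> bytes:
        self.pending[device_id] = secrets.token_bytes(N)    # S31
        return self.pending[device_id]                       # S32

    def verify(self, device_id: bytes, response: bytes):
        """Return the session key r2 on success, None on failure (S37-S40)."""
        r1 = self.pending.pop(device_id, None)       # each r1 is accepted once
        key = self.keys.get(device_id)
        if r1 is None or key is None or len(response) != 2 * N:
            return None
        plain = decrypt(key, response)               # S37
        if not hmac.compare_digest(plain[:N], r1):   # S38
            return None
        return plain[N:]                             # S39: r2 becomes the session key

def run_demo() -> dict:
    org_secret = b"constructed management secret"   # constructed sample value
    id4 = b"ID4"
    server = HomeServer()
    server.register(id4, F(org_secret, id4))         # terminal derives Key14 = F(ID4)
    tv = TV(id4, F(org_secret, id4))                 # same key stored in advance in the TV
    first = tv.respond(server.challenge(id4))
    ok = server.verify(id4, first)
    server.challenge(id4)
    replay = server.verify(id4, first)               # old response against a fresh r1
    other = TV(id4, secrets.token_bytes(32))         # device without Key14
    bad = server.verify(id4, other.respond(server.challenge(id4)))
    return {"authenticated": ok is not None and ok == tv.session_key,
            "replay_rejected": replay is None,
            "wrong_key_rejected": bad is None}

if __name__ == "__main__":
    print(run_demo())
```

Because r1 travels in the clear, half of the plaintext of every response is known, so the stand-in is a permutation over the whole r1r2 block rather than a keystream XOR with a fixed nonce.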
[0160] 2. Second Embodiment
[0161] In the first embodiment, a problem arises when, for example,
the service technician loses a special-purpose terminal by which a
key has been registered and there is a possibility that the
terminal may be used illegally. The problem is that it is not
possible to distinguish between a key that was registered before
the terminal was lost and a key that was registered after the
terminal was lost. The following describes an authentication system
1200 that enables a key registered by the terminal that might be
used illegally to be revoked.
[0162] 2.1 Structure of the Authentication System 1200
[0163] As shown in FIG. 8, the authentication system 1200 is
composed of special-purpose terminals (hereinafter referred to
simply as "terminal(s)") 120 and 140, a home system 220, the
Internet 700, a management apparatus 920, and the content
distribution apparatus 800. The home system 220 is composed of a
home server 320, a TV 420, a TV 520, and a router 620.
[0164] The management apparatus 920 and the content distribution
apparatus 800 are connected to the router 620 via the Internet
700.
[0165] The following describes the structure of the authentication
system 1200 that differs from the authentication system 1100.
[0166] 2.1.1 Management Apparatus 920
[0167] The management apparatus 920 issues revocation information.
The revocation information is for revoking a terminal that might be
used illegally and keys registered in the terminal. The revocation
information is composed of the unique ID of the revoked terminal,
and digital signature data generated by applying a digital
signature algorithm S to the ID. Here, the digital signature
algorithm S is based on the ElGamal signature scheme, which uses the
discrete logarithm problem over a finite field as a basis for
security. Since the ElGamal signature scheme over a finite
field is commonly known, a description is omitted here.
[0168] 2.1.2 Terminal 120
[0169] As shown in FIG. 15, the terminal 120 is composed of a
control unit 121, an input unit 122, a verification unit 123, a
storage unit 124, an encryption unit 125, a key generation unit
126, a transmission/reception unit 127, and an authentication unit
128. The input unit 122, the verification unit 123, the key
generation unit 126, the transmission/reception unit 127 and the
authentication unit 128 have the same structure as the
corresponding constructional elements in the terminal 100.
[0170] The following describes the storage unit 124, the encryption
unit 125, and the control unit 121, whose structures differ from
the terminal 100.
[0171] (1) Storage Unit 124
[0172] The storage unit 124 stores the function F, a service
technician identifier ID_S2, a password S2 and an ID Module-2 that
is unique to the terminal 120.
[0173] (2) Encryption Unit 125
[0174] The encryption unit 125 receives the device identifier ID4,
an authentication key Key24 and Module-2 from the control unit 121,
encrypts the received device identifier ID4, authentication key
Key24 and Module-2 based on an encryption algorithm E, to generate
an encrypted device identifier ID4, an encrypted authentication key
Key24, and an encrypted Module-2. The encryption unit 125 outputs
the encrypted device identifier ID4, the encrypted authentication
key Key24, and the encrypted Module-2 to the control unit 121.
[0175] (3) Control Unit 121
[0176] In the same manner as the control unit 101 in the terminal
100, the control unit 121 has the verification unit 123 verify the
service technician ID and the password, has the authentication unit
128 perform mutual authentication with the home server 320, and has
the key generation unit 126 generate a key.
[0177] The control unit 121 receives the authentication key Key24
from the key generation unit 126, reads Module-2 from the storage
unit 124, and has the encryption unit 125 encrypt the device
identifier ID4, the received authentication key Key24, and the read
Module-2.
[0178] The control unit 121 receives the encrypted device
identifier ID4, the encrypted authentication key Key24, and the
encrypted Module-2, and transmits the encrypted device identifier
ID4, the encrypted authentication key Key24, and the encrypted
Module-2 to the home server 320 via the transmission/reception unit
127.
[0179] 2.1.3 Terminal 140
[0180] As shown in FIG. 16, the terminal 140 is composed of a
control unit 141, an input unit 142, a verification unit 143, a
storage unit 144, an encryption unit 145, a key generation unit
146, a transmission/reception unit 147 and an authentication unit
148.
[0181] The input unit 142, the verification unit 143, the
encryption unit 145, the transmission/reception unit 147 and the
authentication unit 148 have the same structure as the
corresponding compositional elements in the terminal 120, and
therefore descriptions are omitted here.
[0182] The following describes the storage unit 144, the key
generation unit 146 and the control unit 141, which differ from the
terminal 120.
[0183] (1) Storage Unit 144
[0184] The storage unit 144 stores a function G which is different
than the function F, a service technician identifier ID_S3, a
password S3 and Module-3 which is an ID that is unique to the
terminal 140.
[0185] (2) Key Generation Unit 146
[0186] The key generation unit 146 receives the device identifier
ID4 from the control unit 141, reads the function G from the
storage unit 144, and generates an authentication key Key34 from
the device identifier ID4 using the read function G. The key
generation unit 146 then outputs the generated authentication key
Key34 to the control unit 141. The key generation unit 146 performs
the same type of processing when it receives the device identifier
ID5, and outputs the authentication key Key35 to the control unit
141.
[0187] (3) Control Unit 141
[0188] In the same way as the control unit 121, the control unit
141 has the verification unit 143 verify the service technician
identifier ID_S3 and the password S3, has the authentication unit
148 perform mutual authentication with the home server 320, and has
the key generation unit 146 generate a key.
[0189] The control unit 141 receives the authentication key Key34
from the key generation unit 146, and reads Module-3 from the
storage unit 144. The control unit 141 then has the encryption unit
145 encrypt the device identifier ID4, the received authentication
key Key34 and the read Module-3.
[0190] The control unit 141 receives the encrypted device
identifier ID4, the encrypted authentication key Key34 and the
encrypted Module-3, and transmits the encrypted device identifier
ID4, the encrypted authentication key Key34 and the encrypted
Module-3 to the home server 320 via the transmission/reception unit
147.
[0191] 2.1.4 Home Server 320
[0192] As shown in FIG. 17, the home server 320 is composed of a
control unit 321, an authentication unit 322, a
transmission/reception unit 323, a decryption unit 324, a storage
unit 325, a transmission/reception unit 326, an authentication unit
327, an encryption unit 328, and a signature verification unit
329.
[0193] The following describes the storage unit 325, the signature
verification unit 329 and the control unit 321, which differ from the
home server 300.
[0194] (1) Storage Unit 325
[0195] As shown in FIG. 9, the storage unit 325 includes a storage
area 332, and storage areas 330 and 331 that cannot be observed or
modified from outside.
[0196] The storage area 332 stores content distributed by the
content distribution apparatus 800.
[0197] The storage area 331 stores the public key of the management
apparatus 920.
[0198] As shown in FIG. 9, the storage area 330 is composed of
storage areas 333 and 334.
[0199] The storage area 334 stores the ID of a revoked
terminal.
[0200] The storage area 333 stores the device identifier ID5 of the
TV 520 already registered in the home server 320, the
authentication key Key25, Module-2 and a revocation flag in
correspondence. Module-2 is the ID of the terminal 120 in which the
authentication key Key25 is registered. The revocation flag shows
whether the terminal in which the authentication key Key25 is
registered and the keys registered using the terminal are revoked
or not. The revocation flag is shown by a broken line in FIG. 9. In
the second embodiment, a revocation flag set to "1" shows that the
terminal shown by the corresponding ID and keys registered using
the terminal are revoked, and a revocation flag set to "0" shows
that the terminal and the keys are not revoked.
[0201] The storage area 333 stores the device identifier ID4, the
authentication key Key24 and Module-2 received from the control
unit 321 in correspondence with the revocation flag set to "0", as
shown in FIG. 10.
[0202] (2) Signature Verification Unit 329
[0203] The signature verification unit 329 receives the revocation
information from the control unit 321, and verifies the signature
data of the management organization 900 in the received revocation
information by applying signature verification V to the signature
data. Here, the signature verification V is an algorithm for
validating the signature data generated according to the digital
signature algorithm S. The signature verification unit 329 outputs
a verification result to the control unit 321.
[0204] (3) Control Unit 321
[0205] The control unit 321 receives the encrypted device
identifier ID4, the encrypted authentication key Key24 and the
encrypted Module-2 from the terminal 120, and has the decryption
unit 324 decrypt the encrypted device identifier ID4, the encrypted
authentication key Key24 and the encrypted Module-2, in the same
way as the control unit 301. The control unit 321 receives the
device identifier ID4, the authentication key Key24 and Module-2
from the decryption unit 324, and writes these in correspondence
with the revocation flag "0" to the storage area 333, as shown in
FIG. 10.
[0206] The control unit 321 receives the revocation information via
the router 620, and has the signature verification unit 329 verify
the signature. On receiving a verification result from the
signature verification unit 329, the control unit 321 judges
whether the verification result is success or not, and ends the
processing when the verification result is not success. When the
verification result is success, the control unit 321 stores the
revoked terminal ID included in the received revocation information
in the storage area 334, as shown in FIG. 11. In addition, the
control unit 321 judges whether Module-2 stored in correspondence
with the key stored in the storage area 333 and the ID included in
the revocation information match. When the two match, the control
unit rewrites the revocation flag "0" stored in correspondence with
Module-2 to "1", as shown in FIG. 11. In this way, the
authentication key Key24 and the authentication key Key25 stored in
correspondence with the revocation flag "1" are shown to be
revoked.
[0207] Furthermore, the control unit 321 transmits authentication
key revocation information to the TVs 420 and 520. The
authentication key revocation information is for notifying the TVs
420 and 520 that the authentication keys Key24 and Key25 stored in
correspondence with Module-2 are revoked, and includes the
authentication keys Key24 and Key25.
[0208] 2.1.5 TVs 420 and 520
[0209] The TVs 420 and 520 are authorized in advance by the
management organization 900.
[0210] Similar to the TV 400, the TV 420, as shown in FIG. 18, is
composed of a control unit 421, an authentication unit 422, a
transmission/reception unit 423, a decryption unit 427, a storage
unit 424, a monitor 425 and a speaker 426. The TV 520 has the same
structure and is shown in FIG. 19. The reception/transmission unit
423, the decryption unit 427, the monitor 425 and the speaker 426
are the same as the corresponding compositional elements in the TV
400. The following describes the storage unit 424, the
authentication unit 422 and the control unit 421 which differ from
the TV 400.
[0211] (1) Storage Unit 424
[0212] The storage unit 424 is a storage area that cannot be
observed or modified from outside, and that stores the device
identifier ID4 that is unique to the TV 420, the authentication key
Key24, and the authentication key Key34. The authentication key
Key24 has been generated from the device identifier ID4 using the
function F, and the authentication key Key34 has been generated
from the device identifier ID4 using the function G. A priority
order for the authentication keys Key24 and Key34 has been
determined in advance. The authentication key Key24 has higher
priority than the authentication key Key34, and is therefore used
before the authentication key Key34.
[0213] Similarly, the storage unit 524 of the TV 520 stores
identifier ID5, an authentication key Key25 and an authentication
key Key35. The authentication key Key25 has been generated from the
device identifier ID5 using the function F, and the authentication
key Key35 has been generated from the device identifier ID5 using
the function G. A priority order has also been determined for the
authentication key Key25 and the authentication key Key35.
[0214] (2) Authentication Unit 422
[0215] The following describes the structure of the authentication
unit 422 that differs from the authentication unit 402.
[0216] When being authenticated by the home server 320, the
authentication unit 422 encrypts r1r2 first using the
authentication key Key24 that is highest in the priority order.
When the authentication key Key24 is revoked, the authentication
unit 422 encrypts r1r2 using the authentication key Key34, which is
next in the priority order.
[0217] (3) Control Unit 421
[0218] The control unit 421 receives authentication key revocation
information from the home server 320 via the transmission/reception
unit 423, judges whether the authentication key Key24, which is
highest in the priority order, matches the authentication key
revocation information, and when the authentication key Key24
matches authentication key revocation information, deletes the
authentication key Key24.
[0219] 2.2 Operations by the Authentication System 1200
[0220] 2.2.1 Operations when Registering the TV 420 in the Home
Server 320 using the Terminal 120
[0221] The following describes operations when a service technician
newly connects the TV 420 to the home system 220, in which the home
server 320 and the TV 520 are connected by the router 620, and sets
a key in the home server 320. Note that the authentication key
Key25 of the TV 520 is already registered in the home server
320.
[0222] The service technician takes the terminal 120 to the user's
home. Before registration processing, the service technician inputs
the service technician identifier ID_S2 and the password S2 into
the terminal 120.
[0223] The control unit 121 of the terminal 120 receives the
service technician identifier ID_S2 and the password S2, and has
the verification unit 123 verify the service technician identifier
ID_S2 and the password S2 in the same way as the terminal 100. On
receiving a verification result from the verification unit 123, the
control unit 121 judges whether the verification result is success
or not. The control unit 121 ends registration processing when the
verification result is not success, and continues registration
processing when the verification result is success.
[0224] The terminal 120 is connected to the home server 320 by the
service technician. On the input unit 122 receiving the input of
the device identifier ID4, the control unit 121 has the
authentication key Key24 generated in the same way as in the first
embodiment. The control unit 121 receives the authentication key
Key24 from the key generation unit 126, reads Module-2 from the
storage unit 124, and outputs the device identifier ID4, the
authentication key Key24 and Module-2 to the encryption unit
125.
[0225] The encryption unit 125 encrypts the received device
identifier ID4, authentication key Key24 and Module-2 based on the
encryption algorithm E, and outputs the encrypted device identifier
ID4, the encrypted authentication key Key24 and the encrypted
Module-2 to the control unit 121.
[0226] The control unit 121 transmits the received encrypted device
identifier ID4, encrypted authentication key Key24 and encrypted
Module-2 to the home server 320 via the transmission/reception unit
127.
[0227] The control unit 321 of the home server 320 receives the
encrypted device identifier ID4, the encrypted authentication key
Key24 and the encrypted Module-2, and has the decryption unit 324
decrypt the encrypted device identifier ID4, the encrypted
authentication key Key24 and the encrypted Module-2 in the same way
as in the first embodiment.
[0228] The control unit 321 receives the decrypted device
identifier ID4, authentication key Key24, and Module-2 from the
decryption unit 324, reads the revoked terminal ID from the storage
unit 334, and judges whether the read ID and the decrypted ID
match. The control unit 321 ends the processing when the two match,
and when the two do not match or when the revoked terminal ID is
not stored in the storage area 334, the control unit 321 writes
Module-2, the device identifier ID4, the authentication key Key24,
and a revocation flag "0" in correspondence to the storage area
333.
[0229] 2.2.2 Operations when the Terminal 120 is Revoked
[0230] The following describes with use of FIG. 13 operations when
revoking the terminal 120 when the terminal 120 might be used
illegally due to being lost or the like.
[0231] The management apparatus 920 distributes revocation
information to the home server 320 via the Internet 700.
[0232] The control unit 321 of the home server 320 receives the
revocation information via the router 620 and the
transmission/reception unit 326 (step S41), and has the signature
verification unit 329 verify the signature data in the received
revocation information (step S42).
[0233] The control unit 321 receives the verification result from
the signature verification unit 329, judges whether the received
verification result is success or not (step S43), and ends the
processing when the verification result is not success (step S43,
NO). When the verification result is success (step S43, YES), the
control unit 321 writes Module-2, which is the ID of the terminal
120 included in the revocation information, to the storage area
334, as shown in FIG. 11 (step S44). In addition, the control unit
321 reads Module-2, which is the ID of the terminal 120 that
generated the authentication keys Key24 and Key25 stored in the
storage area 333 (step S45), and judges whether the read Module-2
and the ID included in the revocation information match (step S46).
When the two do not match (step S46, NO), the control unit 321 ends
the processing. When the two match (step S46, YES), the control
unit 321 rewrites the revocation flags corresponding to the
authentication keys Key24 and Key25 registered using Module-2
stored in the storage area 333 to "1", in order to invalidate the
authentication keys Key24 and Key25 (step S47).
[0234] Furthermore, the control unit 321 transmits authentication
key revocation information that notifies that the authentication
keys Key24 and Key25 have been revoked, to the TV 420 and the TV
520 via the transmission/reception unit 326.
[0235] In this way the home server 320 refuses connection by the
revoked terminal 120 by registering Module-2 which is the ID of the
revoked terminal 120. In addition, by revoking the authentication
key Key24 and the authentication key Key25, the control unit 321
refuses authentication and usage of content to an illegally set TV,
even if the TV is set illegally using the terminal 120.
[0236] 2.2.3 Operations when Re-Registering the TV 420 and the TV
520 Using the Terminal 140
[0237] The following describes operations when the service
technician re-registers the other authentication keys Key34 and
Key35 of the TV 420 and the TV 520, respectively, using the other
terminal 140, after the authentication keys Key24 and Key25
generated using the function F have been revoked.
[0238] The service technician takes the terminal 140 to the user's
home. Before registration processing, the service technician inputs
a service technician identifier ID_S3 and a password S3 into the
terminal 140.
[0239] The control unit 141 of the terminal 140 receives input of
the service technician identifier ID_S3 and the password S3 from
the input unit 142, and has the verification unit 143 verify the
service technician identifier ID_S3 and the password S3 in the same
way as the terminal 100 is verified. On receiving the verification
result from the verification unit 143, the control unit 141 judges
whether the verification result is success or not. The control unit
141 ends the registration processing when the verification result
is not success, and continues the registration processing when the
verification result is success.
[0240] The terminal 140 is connected to the home server 320 by the
service technician. On the input unit 142 receiving the input of
the device identifier ID4, the control unit 141 has the
authentication key Key34 generated using the function G, in the
same way as the terminal 100. The control unit 141 has the
encryption unit 145 encrypt Module-3, which is the ID of the
terminal 140, the device identifier ID4 and the generated
encryption key Key34, and transmits the encrypted Module-3, the
encrypted device identifier ID4 and the encrypted authentication
key Key34 to the home server 320 via the transmission/reception
unit 147. The control unit 141 processes in the same way when input
of the device identifier ID5 is received.
[0241] The control unit 321 of the home server 320 has the
decryption unit 324 decrypt the received information, and writes
Module-3, the device identifier ID4 and the authentication key
Key34 received from the decryption unit 324 in correspondence with
a revocation flag "0" to the storage area 333, as shown in FIG. 12.
Similarly, the control unit 321 writes Module-3, the device
identifier ID5 and the authentication key Key35 in correspondence
with a revocation flag "0" in the storage area 333, as shown in
FIG. 12.
[0242] 3. Third Embodiment
[0243] In the authentication system 1200 of the second embodiment,
when re-registering keys and the like, it is possible for the
keys to be registered over a network instead of the service
technician setting the keys at the user's home, when it can be
confirmed that the TV to be registered is at the user's home and
that the TV is authorized by the management organization 900.
[0244] The following describes a structure for setting keys in the
home server 320 via the Internet 700 using the terminal 140.
[0245] 3.1 Structure of Authentication System 1300
[0246] As shown in FIG. 14, an authentication system 1300 is
composed of the terminal 120, the terminal 140, the home system
220, the Internet 700, the management apparatus 920 and the content
distribution apparatus 800. The home system 220 is composed of the
home server 320, the TV 420, the TV 520, and the router 620.
[0247] The management apparatus 920, the content distribution
apparatus 800 and the terminal 140 are connected to the router 620
via the Internet 700.
[0248] The following describes the structure of the authentication
system 1300 that differs from the authentication system 1200.
[0249] 3.2 Operations by the Authentication System 1300
[0250] 3.2.1 Operations when Re-Registering a Key with the Terminal
140
[0251] The following describes operations when re-registering the
authentication key Key34 of the TV 420 and the authentication key
Key35 of the TV 520 in the home server 320 via the Internet 700 and
using the terminal 140, after the terminal 120 has been revoked,
using the method of the second embodiment.
[0252] The management organization 900 is informed by the user of
the device identifier ID4 of the TV 420 over the telephone. Note
that the method used here is not limited to being the telephone,
but e-mail or the like may be used.
[0253] The service technician inputs the service technician
identifier ID_S3 and the password S3 through the input unit
142.
[0254] The control unit 141 verifies the service technician
identifier ID_S3 and the password S3 in the same manner as in the
second embodiment.
[0255] On being connected to the Internet 700 by the service
technician, the terminal 140 performs mutual authentication with
the home server 320 using the same method as the first embodiment.
When mutual authentication succeeds, the authentication system 1300
secures a safe communication path connecting the terminal 140 and
the home server 320. The safe communication path is realized by
encrypting data on the communication path by a method such as IPsec
(IP security).
[0256] The service technician inputs the device identifier ID4 from
the input unit 142 of the terminal 140, at the management
organization 900.
[0257] The control unit 141 of the terminal 140 receives input of
the device identifier ID4 from the input unit 142, and has the
authentication key Key34 generated with use of the function G using
the same operations as the terminal 120. The control unit 141 has
the encryption unit 145 encrypt Module-3, the device identifier
ID4, and the generated authentication key Key34, and transmits the
encrypted Module-3, the encrypted device identifier ID4, and the
encrypted authentication key Key34 to the home server 320 via the
Internet 700. The control unit 141 also processes in the same
manner on receiving the device identifier ID5.
[0258] The control unit 321 of the home server 320 receives the
encrypted Module-3, the encrypted device identifier ID4, and the
encrypted authentication key Key34, and has the decryption unit 324
decrypt the encrypted device identifier ID4, and the encrypted
authentication key Key34. The control unit 321 then writes the
decrypted Module-3, device identifier ID4 and authentication key
Key34, and a revocation flag "0" in correspondence to the storage
area 333. The control unit 321 receives the encrypted Module-3, the
encrypted device identifier ID5 and the encrypted authentication
key Key35, and has them decrypted in the same manner, and writes
the decrypted Module-3, device identifier ID5, authentication key
Key35, and a revocation flag "0" to the storage area 333.
[0259] In this way, it is possible to set keys in the home server
320 via the Internet 700 and using the terminal 140.
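The revoke-and-re-register flow of the second and third embodiments, modelled as an added Python example that is not part of the patent. It assumes the functions F and G are HMAC-SHA256 under two constructed secrets and uses a simple HMAC challenge-response as the device authentication step; the patent specifies neither.

```python
import hashlib, hmac, os

# Assumption: F and G are modelled as HMAC-SHA256 under two constructed
# secrets; the patent does not say what the functions are.
SECRET_F, SECRET_G = b"constructed-secret-F", b"constructed-secret-G"

def derive_key(secret, device_id):
    return hmac.new(secret, device_id.encode(), hashlib.sha256).digest()

class HomeServer:
    """Storage area 333: rows of terminal ID, device ID, key, revocation flag."""
    def __init__(self):
        self.rows = []
    def register(self, terminal_id, device_id, key):
        self.rows.append({"terminal": terminal_id, "device": device_id, "key": key, "flag": "0"})
    def revoke_terminal(self, terminal_id):
        # Set flag "1" on every key the revoked terminal registered.
        hits = [r for r in self.rows if r["terminal"] == terminal_id]
        for r in hits:
            r["flag"] = "1"
        return len(hits)
    def usable_key(self, device_id):
        # Newest key for the device whose flag is still "0", else None.
        for r in reversed(self.rows):
            if r["device"] == device_id and r["flag"] == "0":
                return r["key"]
        return None

def authenticate(server, device_id, device_key):
    # Assumed challenge-response: the device proves knowledge of its key.
    key = server.usable_key(device_id)
    if key is None:
        return False
    nonce = os.urandom(16)
    response = hmac.new(device_key, nonce, hashlib.sha256).digest()  # device side
    expected = hmac.new(key, nonce, hashlib.sha256).digest()         # server side
    return hmac.compare_digest(response, expected)

def demo():
    server = HomeServer()
    for dev in ("ID4", "ID5"):                       # registered by terminal 120
        server.register("Module-2", dev, derive_key(SECRET_F, dev))
    revoked = server.revoke_terminal("Module-2")
    locked_out = server.usable_key("ID4") is None    # no usable key until re-registration
    for dev in ("ID4", "ID5"):                       # re-registered by terminal 140
        server.register("Module-3", dev, derive_key(SECRET_G, dev))
    old_ok = authenticate(server, "ID4", derive_key(SECRET_F, "ID4"))  # Key24
    new_ok = authenticate(server, "ID4", derive_key(SECRET_G, "ID4"))  # Key34
    return revoked, locked_out, old_ok, new_ok
```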
[0260] 4. Modifications
[0261] The present invention is not limited to the above-described
embodiments, but includes cases such as the following.
[0262] (1) The revocation information is not limited to being
distributed via the Internet, but instead may be distributed
recorded on a recording medium such as a DVD or a CD.
[0263] If this method is used, it is not necessary for the home
server to be able to connect with external apparatuses.
[0264] (2) Revoked keys are not limited to being stored in
correspondence with a revocation flag "1". Instead, any method that
makes the revoked key unusable is possible. For example, device IDs
and keys registered by the revoked special-purpose terminal may be
deleted.
[0265] (3) The third embodiment is not limited to re-registering a
key in the home server.
[0266] The third embodiment may be applied when newly registering a
device in the home server if it can be confirmed that the device is
in the home and is authorized by the management organization 900.
As one example of a method for confirming that the device is in the
home, the device may be registered at the management organization
900 by means of a user registration card when the user purchases
the device, and the user registration card may then be used. When
it can be judged what kind of device the device is, for example
because part of the device ID shows that the device is a TV, it is
possible to confirm whether the type of device is authorized by the
management organization 900. Alternatively, part of the ID may show
that the device is authorized by the management organization 900.
[0267] (4) In the third embodiment, the safe communication path is
not limited to being IPsec, but may be a general VPN (Virtual
Private Network). Alternatively, the safe communication path may be
provided physically by using a special-purpose line.
[0268] (5) Instead of the structure in the third embodiment by
which the terminal 140 transmits the encrypted data to the home
server 320, it is possible to have a structure by which the home
server 320 retrieves data from the terminal 140 via the router
620.
[0269] (6) The special-purpose terminal may be an IC card connected
to a PDA or a mobile telephone. In such a case, the functions F and
G and so on, and correspondence between IDs and keys are stored in
the IC card.
[0270] (7) Instead of the service technician inputting the ID of
the TV through the input unit, the ID may be a barcode that is
attached to the TV and that is read using the special-purpose
terminal. Alternatively, the ID may be recorded in an ID chip or
the like, and read by the special-purpose terminal.
[0271] (8) Although the function F and the function G are used to
generate keys from the IDs in the embodiments, it is possible to
use a method of expressing a correspondence between IDs and keys
instead of using functions. For example, the special-purpose
terminal may store a correspondence table of IDs and keys.
[0272] (9) The devices that are registered in the home server are
not limited to being TVs. For example, the devices may be image
playback devices or audio playback devices. Furthermore, the
devices may be recording devices that write to media such as DVDs
or memory cards.
[0273] The home server may be a playback device for storage media
such as DVDs.
[0274] (10) The home server is not limited to distributing content
to one TV as described in the embodiments, but may instead
distribute content to a plurality of TVs simultaneously.
[0275] The following is an example of a method used for mutual
authentication when the home server distributes content to the TV
400 and the TV 500.
[0276] First, the home server performs device authentication with
each of the TVs using the method of the first embodiment. Next, the
home server generates a content key for encrypting the content. The
home server encrypts the generated key using the shared session
keys of the TVs respectively, and distributes the respective
encrypted keys together with the encrypted content to the TVs. Each
TV decrypts the encrypted content key with the shared session key,
decrypts the encrypted content with the decrypted content key, and
plays back the decrypted content.
[0277] In this way, a plurality of TVs are able to play back the
content simultaneously.
[0278] (11) Although the home server authenticates the TV 400 in
the embodiments, it is possible to have a structure in which the
home server and the TV perform mutual authentication.
[0279] (12) Although in the second and third embodiments each TV
has two keys, i.e. a key generated using the function F and a key
generated using the function G, each TV may have three or more
keys. In such a case, each key is generated from the ID using a
different function.
[0280] (13) The home server and TV may be connected to the router
via an Ethernet™ or a locally set system, or a router may not be
used at all.
[0281] (14) Content may be prohibited from being distributed from
the home server not only to personal computers, but also to
recording devices.
[0282] Furthermore, in such a case, the transmission control may be
performed in the following way according to the type of
content.
[0283] The home server stores, together with the device ID and the
key, the type of the device, for example, whether the device is for
listening only, or whether the device records. The server then
either permits or prohibits distribution to a device based on copy
control information attached to the content. Here, the copy control
information generally shows one of three types: (1) "Copy Never"
meaning that the content may not be copied at all, (2) "Copy Once"
meaning that the content may be copied once, and (3) "Copy Free"
meaning that the content may be copied freely. The home server
judges that the content may be distributed to a recording device
when the copy control information is (2) or (3), and prohibits
distribution to the recording device when the copy control
information is (1).
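The content-key distribution of modification (10) combined with the copy-control check of modification (14), as an added Python example that is not part of the patent. The `seal`/`unseal` cipher is a standard-library stand-in (HMAC-SHA256 keystream plus tag) for whatever cipher an implementation would use, and the device names and session keys are constructed.

```python
import hashlib, hmac, os

# Stand-in authenticated cipher built from HMAC-SHA256 (assumption, see lead-in).
def keystream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
    return nonce + body + hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))

def distribute(content, cci, devices):
    """devices maps name -> (shared session key, is_recording_device)."""
    content_key = os.urandom(32)
    encrypted_content = seal(content_key, content)   # content is encrypted once
    packages = {}
    for name, (session_key, is_recorder) in devices.items():
        if is_recorder and cci == "Copy Never":
            continue                                  # no distribution to recorders
        packages[name] = (seal(session_key, content_key), encrypted_content)
    return packages

def play(session_key, package):
    # Device side: unwrap the content key, then decrypt the content with it.
    wrapped_key, encrypted_content = package
    return unseal(unseal(session_key, wrapped_key), encrypted_content)

# Constructed session keys, as if left over from device authentication.
DEVICES = {"TV 400": (os.urandom(32), False),
           "TV 500": (os.urandom(32), False),
           "recorder": (os.urandom(32), True)}
```

A deployed system would replace the stand-in with a vetted authenticated cipher such as AES-GCM.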
[0284] (15) Although in the second embodiment the home server 320
receives revocation information and transmits authentication key
revocation information to the TV 420 and the TV 520, the home
server 320 may instead transmit the received revocation information
to the TV 420 and the TV 520.
[0285] In this case, when registering the authentication key Key24
in the home server 320, the home server 320 receives the device
identifier ID4, the authentication key Key24 and Module-2 from the
terminal 120, and transmits Module-2 to the TV 420. The TV 420
stores the received Module-2 and the authentication key that is
highest in the priority order in correspondence. The TV 520
processes in the same manner.
[0286] The home server 320 receives the revocation information, and
transmits the received revocation information to the TVs 420 and
520. The TVs 420 and 520 each judge whether Module-2 stored in
correspondence with the highest priority key and the terminal ID in
the received revocation information match, and when the two match,
delete Module-2.
[0287] Furthermore, all devices in the home may receive the
revocation information from the management apparatus 920, and judge
whether the authentication key is revoked.
[0288] (16) The TV 420 and the TV 520 are not limited to deleting a
revoked authentication key on receiving authentication key
revocation information. It is sufficient for the TV 420 and the TV
520 to be able to judge that the authentication key is revoked and
cannot be used.
[0289] For example, if a revocation flag is attached to the
authentication keys in advance, on receiving the authentication key
revocation information, the TV 420 and the TV 520 may rewrite the
revocation flag of the authentication key that matches the
authentication key shown in the authentication key revocation
information to show that the authentication key is revoked.
[0290] (17) The present invention may be methods shown by the
above. Furthermore, the methods may be a computer program realized
by a computer, and may be a digital signal of the computer
program.
[0291] Furthermore, the present invention may be a
computer-readable recording medium such as a flexible disk, a hard
disk, a CD-ROM, an MO, a DVD, a DVD-ROM, a DVD RAM, a BD (Blu-Ray
Disc), or a semiconductor memory, that stores the computer program
or the digital signal. Furthermore, the present invention may be
the computer program or the digital signal recorded on any of the
aforementioned recording medium apparatuses.
[0292] Furthermore, the present invention may be the computer
program or the digital signal transmitted on an electric
communication line, a wireless or wired communication line, or a
network of which the Internet is representative.
[0293] Furthermore, the present invention may be a computer system
that includes a microprocessor and a memory, the memory storing the
computer program, and the microprocessor operating according to the
computer program.
[0294] Furthermore, by transferring the program or the digital
signal to the recording medium apparatus, or by transferring the
program or the digital signal via a network or the like, the
program or the digital signal may be executed by another
independent computer system.
[0295] (18) The present invention may be any combination of the
above-described embodiments and modifications.
[0296] Although the present invention has been fully described by
way of examples with reference to the accompanying drawings, it is
to be noted that various changes and modifications will be apparent
to those skilled in the art. Therefore, unless otherwise such
changes and modifications depart from the scope of the present
invention, they should be construed as being included therein.